
NPR 8000.4C
Effective Date: April 19, 2022
Expiration Date: April 19, 2027

Subject: Agency Risk Management Procedural Requirements

Responsible Office: Office of Safety and Mission Assurance


Appendix E. References

E.1 Federal Information Security Modernization Act of 2014, Pub. L. 113-283, (2014).

E.2 Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, E.O. 13800 (2017).

E.3 Acquisition Planning, 48 CFR pt. 7.

E.4 Contracting by Negotiation, 48 CFR pt. 15.

E.5 Acquisition Planning, 48 CFR pt. 1807.

E.6 Contracting by Negotiation, 48 CFR pt. 1815.

E.7 OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control (07/15/2016).

E.8 OMB Circular A-11, Preparing, Submitting, and Executing the Budget (08/01/2017).

E.9 NPD 1000.0, Governance and Strategic Management Handbook.

E.10 NPD 1000.3, The NASA Organization.

E.11 NPD 1200.1, NASA Internal Control.

E.12 NPD 1440.6, NASA Records Management.

E.13 NPD 2810.1, NASA Information Security Policy.

E.14 NPD 7120.4, NASA Engineering and Program/Project Management Policy.

E.15 NPD 8700.1, NASA Policy for Safety and Mission Success.

E.16 NPD 8900.5, NASA Health and Medical Policy for Human Space Exploration.

E.17 NPR 1441.1, NASA Records Management Program Requirements.

E.18 NPR 7120.5, NASA Space Flight Program and Project Management Requirements.

E.19 NPR 7123.1, NASA Systems Engineering Processes and Requirements.

E.20 NPR 8705.4, Risk Classification for NASA Payloads.

E.21 NPR 8715.002B, NASA Emergency Management Program Procedural Requirements.

E.22 NASA/SP-2011-3422, NASA Risk Management Handbook.

E.23 Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Management - Integrated Framework (2004).

E.24 GAO-14-704G, Standards for Internal Control in the Federal Government (the GAO Green Book).

E.25 NIST-FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, dated March 2006.

E.26 NIST-SP 800-30, Rev. 1, Guide for Conducting Risk Assessments, dated September 18, 2012.

E.27 NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. NIST-SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations, dated September 2020.



This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.